Will this help to reduce attacks on users who rarely update their plugins?

Share this story

Immediately following the release of OS X Lion 10.7.4 on Wednesday afternoon, which included Safari 5.1.6, Apple released a separate update to Safari 5.1.7. The update, available for both Lion and Snow Leopard, will disable any out-of-date Flash plugin that is currently installed, "to help keep your Mac secure."

Adobe's Flash plugin is a popular exploit vector since it's widely installed on people's desktops but rarely updated by average users. Flaws that have been long-patched may still be wide-open on systems with out-of-date versions of the Flash plugin.

The Safari 5.1.7 update addresses that issue by automatically disabling the currently installed version of Flash if it's out of date, according to Apple. Safari will then display a dialog linking to the latest version so it can be installed with a more recent version. Users can manually enable older versions if necessary, though there's rarely a good reason not to go ahead and install the latest version.

The update also includes two fixes near and dear to my heart. Safari 5.1.7 improves responsiveness when the system is low on memory, and fixes an issue that would lock up webpages after using pinch to zoom (usually by accident). There is also a fix for problematic forms used to authenticate users of some websites.

Safari 5.1.7 can be installed on Lion after applying the 10.7.4 update, and on Snow Leopard after applying Security Update 2012-002.